CVE-2023-36029

Опубликовано: 02 нояб. 2023

Источник: msrc

CVSS3: 4.3

EPSS Низкий

Описание

Microsoft Edge (Chromium-based) Spoofing Vulnerability

FAQ

According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?

The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted URL to be compromised by the attacker.

What is the version information for this release?

Microsoft Edge Channel	Microsoft Edge Version	Date Released	Based on Chromium Version
Stable	119.0.2151.44	11/02/2023	119.0.6045.105/.106
Extended Stable	118.0.2088.88	11/02/2023	118.0.5993.129

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

EPSS

Процентиль: 31%

0.0012

Низкий

4.3 Medium

CVSS3

Связанные уязвимости

CVE-2023-36029

CVSS3: 4.3

nvd

больше 2 лет назад

Microsoft Edge (Chromium-based) Spoofing Vulnerability

GHSA-4742-9c9c-4wf7

CVSS3: 4.3

github

больше 2 лет назад

Microsoft Edge (Chromium-based) Spoofing Vulnerability

BDU:2023-07673

CVSS3: 4.3

fstec

больше 2 лет назад

Уязвимость браузера Microsoft Edge, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю проводить спуфинг-атаки

EPSS

Процентиль: 31%

0.0012

Низкий

4.3 Medium

CVSS3